discordrat | a3a09e31d41c820903b6e8c3681eba2e66e1498ed2547ffd374578c8a4173eb1 | Triage

Sharing

General

Target

Client-built.exe
Size

78KB
Sample

240228-t8np4sgf82
MD5

008a68512e985d4e5096cd347ea1be25
SHA1

bb9cf161497a03680f2ed2fd74ff5fbcb4a81cf3
SHA256

a3a09e31d41c820903b6e8c3681eba2e66e1498ed2547ffd374578c8a4173eb1
SHA512

c99f4f079e641d416ccdc973998a9567f8be7ff8e5934a4e3d74508644e199b408926dcb3aaf99907e80086d514f5486c20eabacea999130ec723efaf5fbb379
SSDEEP

1536:F2WjO8XeEXFd5P7v88wbjNrfxCXhRoKV6+V+CPIC:FZz5PDwbjNrmAE+uIC

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
ODAwMjk0MzQ4NzE3MDMxNDM1.GFBslp.RyEL1k2KVnXUVTE_ItBVV9oxtxiWkzGo0jRx_c
server_id
1135672508683661353

Targets

- Target
  
  Client-built.exe
- Size
  
  78KB
- MD5
  
  008a68512e985d4e5096cd347ea1be25
- SHA1
  
  bb9cf161497a03680f2ed2fd74ff5fbcb4a81cf3
- SHA256
  
  a3a09e31d41c820903b6e8c3681eba2e66e1498ed2547ffd374578c8a4173eb1
- SHA512
  
  c99f4f079e641d416ccdc973998a9567f8be7ff8e5934a4e3d74508644e199b408926dcb3aaf99907e80086d514f5486c20eabacea999130ec723efaf5fbb379
- SSDEEP
  
  1536:F2WjO8XeEXFd5P7v88wbjNrfxCXhRoKV6+V+CPIC:FZz5PDwbjNrmAE+uIC
Score

10^/10

discordrat persistence rat rootkit stealer
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

discordratpersistenceratrootkitstealer

behavioral2

discordratpersistenceratrootkitstealer